Malware targeting Android devices continues to create problems for users. As of March 2016, an estimated 1.3 to 1.4 billion people owned Androids across the globe, and 352 million purchased them during the last quarter of 2016.

As the popularity of the Google-developed operating system rises, hackers churn out new ways to steal personal or financial data, falsify ad revenue and spy on users.

Here are five types of malware you need to watch out for:

Copycat

Copycat disguises itself as a popular app found in third-party stores. Once it infiltrates a device, it gathers data, roots the smartphone and disconnects its security system. It can gain control of the Zygote - the Android's app launcher - which allows it to record each app a victim opens or downloads.

The malware can send revenue earned from applications' pop-up ads to hackers instead of app developers. Check Point Security estimates that up to 4.9 million fake apps were installed on infected devices, producing up to 100 million ads. In 60 days, CopyCat pulled in more than $1.5 million and sent it to third-party criminals.

Cybersecurity experts linked the attack to MobiSummer, a Chinese tech startup and app developer. It remains unclear if the company was directly involved or a victim itself.

Devices with operating system Android 5.0 or older are still vulnerable to Copycat, which was most active in April and May 2016. Though all affected apps have been removed from the Play Store, Google believes up to 50,000 devices could still be infected.

SpyDealer

SpyDealer can steal data from more than 40 popular mobile device apps, including Skype, Facebook, WhatsApp and the Firefox browser. According to Palo Alto Networks, the malicious software can spy on victims' call histories, contacts, Wi-Fi information and locations by exploiting the operating system's accessibility feature.

SpyDealer can answer and record phone calls, audio clips and video footage. It can also take screenshots or photos using the device's front and rear camera.

At least three versions of SpyDealer are currently active, with the oldest sample dating back to October 2015. It's unclear how the malicious software made its way onto devices, but evidence suggests that users in China became "infected through compromised wireless networks."

GhostCtrl, a form of malware that can secretly film and record user activity, can hide behind the names of popular apps like WhatsApp and Pokemon Go.

There are three versions of GhostCtrl - one restricts a device's functions and collects its data, a second version behaves like ransomware and can freeze a victim's smartphone, and a third carries out a combination of the first two strains.

Marcher poses as an Adobe Flash Player update and can obtain login credentials from at least 40 different retail, social media and banking apps.

The deceptive software appeared earlier this year as a fraudulent version of "Super Mario Run" for Android devices.

The malware can produce fake login pages for popular third-party apps like TD Bank, Google, Yahoo, Chase Bank, Paypal, Citibank, Walmart, Amazon, Western Union, Facebook and more. The targets are programmed into its payload, but can be later modified by hackers.

Dvmap has been downloaded more than 50,000 times from the Google Play Store since March. It can inject code into a device's system library and eliminate root-detection software that identifies malevolent programs.

Dvmap was hidden inside puzzle game "Colourblock," which has been removed from Google's digital marketplace. To bypass security, creators uploaded a "clean" app and updated it with a malicious version for a brief period of time - often less than 24 hours.